MUA "automatically signs keys"?
MFPA
2014-667rhzu3dc-lists-groups at riseup.net
Thu Jan 30 01:04:17 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Wednesday 29 January 2014 at 7:57:12 PM, in
<mid:6757499.FAIGtOWeFj at mani>, Johannes Zarl wrote:
> Under the assumption
> that an attacker can't reliably do a MITM attack on
> every message that is sent over an extended time
> period
Why would that be assumed? In a corporate setting the MITM could be
placed within the company's network, for a home user their ISP or
email provider could be used, and for mobiles, the phone network.
> , you would place almost no trust in a fresh
> persona-certified key, but high trust in an old and
> frequently encountered key.
The older the key, the greater the opportunity for compromise.
> The trust would grow with
> time (just like the trust into someone you know in real
> life).
If a person I knew well in real life were "compromised" they are
likely a poor enough actor for it to be easily-noticed.
- --
Best regards
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
The second mouse gets the cheese
-----BEGIN PGP SIGNATURE-----
iPQEAQEKAF4FAlLplxVXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5p/PAEAMLzMDuW9+rogvLcrYKTKPZOZDyfj3CwaG+l
h5IjlkH1I+wsYooLti/c8hBklE1RxHXlbDjnmjph88IAK2+hHvBtC+HUra+2BZbp
KxDeYvthnSeeZ7R1Ry3yX9c7OUO4J2xAZPCVTFmmBoX06jf/nBBHQGAelmnrTF5L
dXkfQPTu
=8zBv
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list